package-intel
Verified Safe by BUZDOLAPCI
Overview
Query various package registries (npm, PyPI, crates.io) to retrieve metadata, release history, and maintenance signals for software packages.
Installation
npm start
Environment Variables
- PORT
- REQUEST_TIMEOUT
- USER_AGENT
- CACHE_TTL
- LOG_LEVEL
Security Notes
The server makes external HTTP requests to package registries, implementing timeouts and robust error handling for network issues, 404s, and rate limiting. The `ecosystem` and `name` parameters are validated to prevent invalid requests. Configuration values are loaded from environment variables, preventing hardcoded secrets. The code does not use `eval` or `child_process` for potentially dangerous code execution; outbound requests go through standard `fetch`. While `JSON.parse` is used for incoming requests, typical Node.js server configurations usually mitigate risks associated with excessively large or malformed JSON payloads.
Similar Servers
python-dependency-manager-companion-mcp-server
Provides up-to-date information and commands for various Python package managers (pip, conda, poetry, uv, pixi, pdm) by cross-referencing official documentation.
package-registry-mcp
Enables AI assistants and agents to search various package registries (NPM, Cargo, NuGet, PyPI, Go) and retrieve up-to-date package information.
pypi-query-mcp-server
A Model Context Protocol (MCP) server for querying PyPI package information, dependencies, and compatibility checking, assisting AI agents in Python development workflows.
doc-mcp-server
Provides real-time access to up-to-date documentation from various package ecosystems (PyPI, npm, GitHub, etc.) for LLM-powered coding agents, mitigating hallucination and outdated information.